sysdig.SecureVulnerabilityRuleBundle
Example Usage
Image Label Example
This example defines a rule bundle that checks for the presence or absence of specific image labels.
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureVulnerabilityRuleBundle;
import com.pulumi.sysdig.SecureVulnerabilityRuleBundleArgs;
import com.pulumi.sysdig.inputs.SecureVulnerabilityRuleBundleRuleArgs;
import com.pulumi.sysdig.inputs.SecureVulnerabilityRuleBundleRuleImageLabelArgs;
import com.pulumi.sysdig.inputs.SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
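/**
 * Pulumi program that declares a vulnerability rule bundle made of three
 * image-label rules. Each rule carries exactly one rule type (imageLabel).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "exampleImageLabel" bundle.
     *
     * NOTE(review): the property reference says a label rule "matches" on
     * presence or absence of a key; confirm in the Rules documentation whether
     * a match passes or fails the image before relying on it as a gate.
     */
    public static void stack(Context ctx) {
        var exampleImageLabel = new SecureVulnerabilityRuleBundle("exampleImageLabel", SecureVulnerabilityRuleBundleArgs.builder()
            .rules(
                // Rule 1: keyed on the presence of a label.
                SecureVulnerabilityRuleBundleRuleArgs.builder()
                    .imageLabel(SecureVulnerabilityRuleBundleRuleImageLabelArgs.builder()
                        .labelMustExist("required-label")
                        .build())
                    .build(),
                // Rule 2: keyed on the absence of a label.
                SecureVulnerabilityRuleBundleRuleArgs.builder()
                    .imageLabel(SecureVulnerabilityRuleBundleRuleImageLabelArgs.builder()
                        .labelMustNotExist("forbidden-label")
                        .build())
                    .build(),
                // Rule 3: label key plus required value. The generated listing held a
                // formatter panic at this call; the arguments are rebuilt from the YAML
                // form of this example and the Java constructor reference on this page.
                SecureVulnerabilityRuleBundleRuleArgs.builder()
                    .imageLabel(SecureVulnerabilityRuleBundleRuleImageLabelArgs.builder()
                        .labelMustExistAndContainValues(SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArgs.builder()
                            .requiredLabel("required-label")
                            .requiredValue("required-value")
                            .build())
                        .build())
                    .build())
            .build());
    }
}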
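# Image-label rule bundle: three rules, each with exactly one rule type (imageLabel).
# Nothing in this example attaches the bundle to a vulnerability policy.
resources:
  exampleImageLabel:
    type: sysdig:SecureVulnerabilityRuleBundle
    properties:
      rules:
        - imageLabel:
            labelMustExist: required-label
        - imageLabel:
            labelMustNotExist: forbidden-label
        - imageLabel:
            # Plural key, matching the property reference on this page
            # (labelMustExistAndContainValues); the value is a list of
            # requiredLabel/requiredValue pairs.
            labelMustExistAndContainValues:
              - requiredLabel: required-label
                requiredValue: required-value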
Severities and Threats Example
This example creates a comprehensive rule bundle that evaluates vulnerabilities based on severity, threat intelligence, and other risk factors.
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
// Conditions of the bundle's only rule.
// KEV = CISA Known Exploited Vulnerabilities catalog; EPSS = Exploit Prediction Scoring System.
// NOTE(review): all conditions sit in a single rule. If the provider requires every
// condition in a rule to hold at once (confirm in the Rules documentation), this rule
// matches only a narrow set of findings and should not be the only gate for
// "high-priority" vulnerabilities.
const highPriorityConditions = {
    cisaKevAvailableSinceDays: 10,
    cisaKevDueDateInDays: 21,
    cisaKevInRansomwareCampaign: true,
    disclosureOlderThanDays: 90,
    epssPercentileAtLeastPercentage: 90,
    epssScoreAtLeastPercentage: 80,
    exploitNetworkAttackVector: true,
    exploitNoAdminPrivileges: true,
    exploitNoUserInteraction: true,
    fixAvailableSinceDays: 30,
    inUse: true,
    packageType: "os",
    publicExploitAvailableSinceDays: 15,
    severityAtLeast: "high",
};

// One rule, one rule type (severitiesAndThreats).
const exampleSeverities = new sysdig.SecureVulnerabilityRuleBundle("exampleSeverities", {
    description: "Bundle with rules for high-priority vulnerabilities",
    rules: [{ severitiesAndThreats: highPriorityConditions }],
});
import pulumi
import pulumi_sysdig as sysdig
# Conditions of the bundle's only rule.
# KEV = CISA Known Exploited Vulnerabilities catalog; EPSS = Exploit Prediction Scoring System.
# NOTE(review): all conditions sit in a single rule. If the provider requires every
# condition in a rule to hold at once (confirm in the Rules documentation), this rule
# matches only a narrow set of findings and should not be the only gate for
# "high-priority" vulnerabilities.
high_priority_conditions = {
    "cisa_kev_available_since_days": 10,
    "cisa_kev_due_date_in_days": 21,
    "cisa_kev_in_ransomware_campaign": True,
    "disclosure_older_than_days": 90,
    "epss_percentile_at_least_percentage": 90,
    "epss_score_at_least_percentage": 80,
    "exploit_network_attack_vector": True,
    "exploit_no_admin_privileges": True,
    "exploit_no_user_interaction": True,
    "fix_available_since_days": 30,
    "in_use": True,
    "package_type": "os",
    "public_exploit_available_since_days": 15,
    "severity_at_least": "high",
}

# One rule, one rule type (severities_and_threats).
example_severities = sysdig.SecureVulnerabilityRuleBundle(
    "exampleSeverities",
    description="Bundle with rules for high-priority vulnerabilities",
    rules=[{"severities_and_threats": high_priority_conditions}],
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/v3/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one rule bundle that holds a single severities-and-threats rule.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): all conditions sit in a single rule. If the provider requires
		// every condition in a rule to hold at once (confirm in the Rules
		// documentation), this rule matches only a narrow set of findings.
		conditions := &sysdig.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs{
			CisaKevAvailableSinceDays:       pulumi.Float64(10),
			CisaKevDueDateInDays:            pulumi.Float64(21),
			CisaKevInRansomwareCampaign:     pulumi.Bool(true),
			DisclosureOlderThanDays:         pulumi.Float64(90),
			EpssPercentileAtLeastPercentage: pulumi.Float64(90),
			EpssScoreAtLeastPercentage:      pulumi.Float64(80),
			ExploitNetworkAttackVector:      pulumi.Bool(true),
			ExploitNoAdminPrivileges:        pulumi.Bool(true),
			ExploitNoUserInteraction:        pulumi.Bool(true),
			FixAvailableSinceDays:           pulumi.Float64(30),
			InUse:                           pulumi.Bool(true),
			PackageType:                     pulumi.String("os"),
			PublicExploitAvailableSinceDays: pulumi.Float64(15),
			SeverityAtLeast:                 pulumi.String("high"),
		}

		bundleArgs := &sysdig.SecureVulnerabilityRuleBundleArgs{
			Description: pulumi.String("Bundle with rules for high-priority vulnerabilities"),
			Rules: sysdig.SecureVulnerabilityRuleBundleRuleArray{
				&sysdig.SecureVulnerabilityRuleBundleRuleArgs{SeveritiesAndThreats: conditions},
			},
		}

		// The resource handle is not used further; only the registration error matters.
		_, err := sysdig.NewSecureVulnerabilityRuleBundle(ctx, "exampleSeverities", bundleArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
    // Conditions of the bundle's only rule.
    // NOTE(review): all conditions sit in a single rule. If the provider requires every
    // condition in a rule to hold at once (confirm in the Rules documentation), this rule
    // matches only a narrow set of findings.
    var conditions = new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs
    {
        CisaKevAvailableSinceDays = 10,
        CisaKevDueDateInDays = 21,
        CisaKevInRansomwareCampaign = true,
        DisclosureOlderThanDays = 90,
        EpssPercentileAtLeastPercentage = 90,
        EpssScoreAtLeastPercentage = 80,
        ExploitNetworkAttackVector = true,
        ExploitNoAdminPrivileges = true,
        ExploitNoUserInteraction = true,
        FixAvailableSinceDays = 30,
        InUse = true,
        PackageType = "os",
        PublicExploitAvailableSinceDays = 15,
        SeverityAtLeast = "high",
    };

    // One rule, one rule type (SeveritiesAndThreats).
    var rule = new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleArgs
    {
        SeveritiesAndThreats = conditions,
    };

    var exampleSeverities = new Sysdig.SecureVulnerabilityRuleBundle("exampleSeverities", new()
    {
        Description = "Bundle with rules for high-priority vulnerabilities",
        Rules = new[] { rule },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureVulnerabilityRuleBundle;
import com.pulumi.sysdig.SecureVulnerabilityRuleBundleArgs;
import com.pulumi.sysdig.inputs.SecureVulnerabilityRuleBundleRuleArgs;
import com.pulumi.sysdig.inputs.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
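/**
 * Pulumi program that declares one rule bundle holding a single
 * severities-and-threats rule.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "exampleSeverities" bundle.
     *
     * NOTE(review): all conditions sit in a single rule. If the provider requires
     * every condition in a rule to hold at once (confirm in the Rules
     * documentation), this rule matches only a narrow set of findings.
     */
    public static void stack(Context ctx) {
        // Numeric thresholds are written as double literals, as in the Java
        // constructor reference on this page (e.g. cisaKevAvailableSinceDays(0.0));
        // an int literal does not box to Double.
        var conditions = SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs.builder()
            .cisaKevAvailableSinceDays(10.0)
            .cisaKevDueDateInDays(21.0)
            .cisaKevInRansomwareCampaign(true)
            .disclosureOlderThanDays(90.0)
            .epssPercentileAtLeastPercentage(90.0)
            .epssScoreAtLeastPercentage(80.0)
            .exploitNetworkAttackVector(true)
            .exploitNoAdminPrivileges(true)
            .exploitNoUserInteraction(true)
            .fixAvailableSinceDays(30.0)
            .inUse(true)
            .packageType("os")
            .publicExploitAvailableSinceDays(15.0)
            .severityAtLeast("high")
            .build();

        var exampleSeverities = new SecureVulnerabilityRuleBundle("exampleSeverities", SecureVulnerabilityRuleBundleArgs.builder()
            .description("Bundle with rules for high-priority vulnerabilities")
            // One rule, one rule type (severitiesAndThreats).
            .rules(SecureVulnerabilityRuleBundleRuleArgs.builder()
                .severitiesAndThreats(conditions)
                .build())
            .build());
    }
}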
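# Rule bundle with a single severitiesAndThreats rule.
# NOTE(review): all conditions sit in one rule. If the provider requires every
# condition in a rule to hold at once (confirm in the Rules documentation), this
# rule matches only a narrow set of findings.
resources:
  exampleSeverities:
    type: sysdig:SecureVulnerabilityRuleBundle
    properties:
      description: Bundle with rules for high-priority vulnerabilities
      rules:
        - severitiesAndThreats:
            cisaKevAvailableSinceDays: 10
            cisaKevDueDateInDays: 21
            cisaKevInRansomwareCampaign: true
            disclosureOlderThanDays: 90
            epssPercentileAtLeastPercentage: 90
            epssScoreAtLeastPercentage: 80
            exploitNetworkAttackVector: true
            exploitNoAdminPrivileges: true
            exploitNoUserInteraction: true
            fixAvailableSinceDays: 30
            inUse: true
            packageType: os
            publicExploitAvailableSinceDays: 15
            severityAtLeast: high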
Create SecureVulnerabilityRuleBundle Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureVulnerabilityRuleBundle(name: string, args: SecureVulnerabilityRuleBundleArgs, opts?: CustomResourceOptions);
@overload
def SecureVulnerabilityRuleBundle(resource_name: str,
args: SecureVulnerabilityRuleBundleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureVulnerabilityRuleBundle(resource_name: str,
opts: Optional[ResourceOptions] = None,
rules: Optional[Sequence[SecureVulnerabilityRuleBundleRuleArgs]] = None,
description: Optional[str] = None,
name: Optional[str] = None,
secure_vulnerability_rule_bundle_id: Optional[str] = None,
timeouts: Optional[SecureVulnerabilityRuleBundleTimeoutsArgs] = None)
func NewSecureVulnerabilityRuleBundle(ctx *Context, name string, args SecureVulnerabilityRuleBundleArgs, opts ...ResourceOption) (*SecureVulnerabilityRuleBundle, error)
public SecureVulnerabilityRuleBundle(string name, SecureVulnerabilityRuleBundleArgs args, CustomResourceOptions? opts = null)
public SecureVulnerabilityRuleBundle(String name, SecureVulnerabilityRuleBundleArgs args)
public SecureVulnerabilityRuleBundle(String name, SecureVulnerabilityRuleBundleArgs args, CustomResourceOptions options)
type: sysdig:SecureVulnerabilityRuleBundle
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureVulnerabilityRuleBundleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureVulnerabilityRuleBundleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureVulnerabilityRuleBundleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureVulnerabilityRuleBundleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureVulnerabilityRuleBundleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input property with a placeholder value; not a working configuration.
// The Rules property text on this page says each rule must define exactly one rule type,
// so a real rule sets either ImageLabel or SeveritiesAndThreats, not both as listed here.
var secureVulnerabilityRuleBundleResource = new Sysdig.SecureVulnerabilityRuleBundle("secureVulnerabilityRuleBundleResource", new()
{
    Rules = new[]
    {
        new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleArgs
        {
            ImageLabel = new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleImageLabelArgs
            {
                Id = "string",
                LabelMustExist = "string",
                LabelMustExistAndContainValues = new[]
                {
                    new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArgs
                    {
                        RequiredLabel = "string",
                        RequiredValue = "string",
                    },
                },
                LabelMustNotExist = "string",
            },
            SeveritiesAndThreats = new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs
            {
                CisaKevAvailableSinceDays = 0,
                CisaKevDueDateInDays = 0,
                CisaKevInRansomwareCampaign = false,
                CvssAtLeast = 0,
                DisclosureDate = new Sysdig.Inputs.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDateArgs
                {
                    From = "string",
                    To = "string",
                },
                DisclosureOlderThanDays = 0,
                EpssPercentileAtLeastPercentage = 0,
                EpssScoreAtLeastPercentage = 0,
                ExploitNetworkAttackVector = false,
                ExploitNoAdminPrivileges = false,
                ExploitNoUserInteraction = false,
                FixAvailable = false,
                FixAvailableSinceDays = 0,
                Id = "string",
                InUse = false,
                PackageType = "string",
                PublicExploitAvailable = false,
                PublicExploitAvailableSinceDays = 0,
                SeverityAtLeast = "string",
                SeverityEquals = "string",
            },
        },
    },
    Description = "string",
    Name = "string",
    SecureVulnerabilityRuleBundleId = "string",
    Timeouts = new Sysdig.Inputs.SecureVulnerabilityRuleBundleTimeoutsArgs
    {
        Create = "string",
        Delete = "string",
        Read = "string",
        Update = "string",
    },
});
// Reference listing: every input property with a placeholder value; not a working configuration.
// The Rules property text on this page says each rule must define exactly one rule type,
// so a real rule sets either ImageLabel or SeveritiesAndThreats, not both as listed here.
example, err := sysdig.NewSecureVulnerabilityRuleBundle(ctx, "secureVulnerabilityRuleBundleResource", &sysdig.SecureVulnerabilityRuleBundleArgs{
	Rules: sysdig.SecureVulnerabilityRuleBundleRuleArray{
		&sysdig.SecureVulnerabilityRuleBundleRuleArgs{
			ImageLabel: &sysdig.SecureVulnerabilityRuleBundleRuleImageLabelArgs{
				Id: pulumi.String("string"),
				LabelMustExist: pulumi.String("string"),
				LabelMustExistAndContainValues: sysdig.SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArray{
					&sysdig.SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArgs{
						RequiredLabel: pulumi.String("string"),
						RequiredValue: pulumi.String("string"),
					},
				},
				LabelMustNotExist: pulumi.String("string"),
			},
			SeveritiesAndThreats: &sysdig.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs{
				CisaKevAvailableSinceDays: pulumi.Float64(0),
				CisaKevDueDateInDays: pulumi.Float64(0),
				CisaKevInRansomwareCampaign: pulumi.Bool(false),
				CvssAtLeast: pulumi.Float64(0),
				DisclosureDate: &sysdig.SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDateArgs{
					From: pulumi.String("string"),
					To: pulumi.String("string"),
				},
				DisclosureOlderThanDays: pulumi.Float64(0),
				EpssPercentileAtLeastPercentage: pulumi.Float64(0),
				EpssScoreAtLeastPercentage: pulumi.Float64(0),
				ExploitNetworkAttackVector: pulumi.Bool(false),
				ExploitNoAdminPrivileges: pulumi.Bool(false),
				ExploitNoUserInteraction: pulumi.Bool(false),
				FixAvailable: pulumi.Bool(false),
				FixAvailableSinceDays: pulumi.Float64(0),
				Id: pulumi.String("string"),
				InUse: pulumi.Bool(false),
				PackageType: pulumi.String("string"),
				PublicExploitAvailable: pulumi.Bool(false),
				PublicExploitAvailableSinceDays: pulumi.Float64(0),
				SeverityAtLeast: pulumi.String("string"),
				SeverityEquals: pulumi.String("string"),
			},
		},
	},
	Description: pulumi.String("string"),
	Name: pulumi.String("string"),
	SecureVulnerabilityRuleBundleId: pulumi.String("string"),
	Timeouts: &sysdig.SecureVulnerabilityRuleBundleTimeoutsArgs{
		Create: pulumi.String("string"),
		Delete: pulumi.String("string"),
		Read: pulumi.String("string"),
		Update: pulumi.String("string"),
	},
})
// Reference listing: every input property with a placeholder value; not a working configuration.
// The rules property text on this page says each rule must define exactly one rule type,
// so a real rule sets either imageLabel or severitiesAndThreats, not both as listed here.
var secureVulnerabilityRuleBundleResource = new SecureVulnerabilityRuleBundle("secureVulnerabilityRuleBundleResource", SecureVulnerabilityRuleBundleArgs.builder()
    .rules(SecureVulnerabilityRuleBundleRuleArgs.builder()
        .imageLabel(SecureVulnerabilityRuleBundleRuleImageLabelArgs.builder()
            .id("string")
            .labelMustExist("string")
            .labelMustExistAndContainValues(SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArgs.builder()
                .requiredLabel("string")
                .requiredValue("string")
                .build())
            .labelMustNotExist("string")
            .build())
        .severitiesAndThreats(SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs.builder()
            .cisaKevAvailableSinceDays(0.0)
            .cisaKevDueDateInDays(0.0)
            .cisaKevInRansomwareCampaign(false)
            .cvssAtLeast(0.0)
            .disclosureDate(SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDateArgs.builder()
                .from("string")
                .to("string")
                .build())
            .disclosureOlderThanDays(0.0)
            .epssPercentileAtLeastPercentage(0.0)
            .epssScoreAtLeastPercentage(0.0)
            .exploitNetworkAttackVector(false)
            .exploitNoAdminPrivileges(false)
            .exploitNoUserInteraction(false)
            .fixAvailable(false)
            .fixAvailableSinceDays(0.0)
            .id("string")
            .inUse(false)
            .packageType("string")
            .publicExploitAvailable(false)
            .publicExploitAvailableSinceDays(0.0)
            .severityAtLeast("string")
            .severityEquals("string")
            .build())
        .build())
    .description("string")
    .name("string")
    .secureVulnerabilityRuleBundleId("string")
    .timeouts(SecureVulnerabilityRuleBundleTimeoutsArgs.builder()
        .create("string")
        .delete("string")
        .read("string")
        .update("string")
        .build())
    .build());
# Reference listing: every input property with a placeholder value; not a working configuration.
# The rules property text on this page says each rule must define exactly one rule type,
# so a real rule sets either image_label or severities_and_threats, not both as listed here.
secure_vulnerability_rule_bundle_resource = sysdig.SecureVulnerabilityRuleBundle("secureVulnerabilityRuleBundleResource",
    rules=[{
        "image_label": {
            "id": "string",
            "label_must_exist": "string",
            "label_must_exist_and_contain_values": [{
                "required_label": "string",
                "required_value": "string",
            }],
            "label_must_not_exist": "string",
        },
        "severities_and_threats": {
            "cisa_kev_available_since_days": 0,
            "cisa_kev_due_date_in_days": 0,
            "cisa_kev_in_ransomware_campaign": False,
            "cvss_at_least": 0,
            "disclosure_date": {
                "from_": "string",
                "to": "string",
            },
            "disclosure_older_than_days": 0,
            "epss_percentile_at_least_percentage": 0,
            "epss_score_at_least_percentage": 0,
            "exploit_network_attack_vector": False,
            "exploit_no_admin_privileges": False,
            "exploit_no_user_interaction": False,
            "fix_available": False,
            "fix_available_since_days": 0,
            "id": "string",
            "in_use": False,
            "package_type": "string",
            "public_exploit_available": False,
            "public_exploit_available_since_days": 0,
            "severity_at_least": "string",
            "severity_equals": "string",
        },
    }],
    description="string",
    name="string",
    secure_vulnerability_rule_bundle_id="string",
    timeouts={
        "create": "string",
        "delete": "string",
        "read": "string",
        "update": "string",
    })
// Reference listing: every input property with a placeholder value; not a working configuration.
// The rules property text on this page says each rule must define exactly one rule type,
// so a real rule sets either imageLabel or severitiesAndThreats, not both as listed here.
const secureVulnerabilityRuleBundleResource = new sysdig.SecureVulnerabilityRuleBundle("secureVulnerabilityRuleBundleResource", {
    rules: [{
        imageLabel: {
            id: "string",
            labelMustExist: "string",
            labelMustExistAndContainValues: [{
                requiredLabel: "string",
                requiredValue: "string",
            }],
            labelMustNotExist: "string",
        },
        severitiesAndThreats: {
            cisaKevAvailableSinceDays: 0,
            cisaKevDueDateInDays: 0,
            cisaKevInRansomwareCampaign: false,
            cvssAtLeast: 0,
            disclosureDate: {
                from: "string",
                to: "string",
            },
            disclosureOlderThanDays: 0,
            epssPercentileAtLeastPercentage: 0,
            epssScoreAtLeastPercentage: 0,
            exploitNetworkAttackVector: false,
            exploitNoAdminPrivileges: false,
            exploitNoUserInteraction: false,
            fixAvailable: false,
            fixAvailableSinceDays: 0,
            id: "string",
            inUse: false,
            packageType: "string",
            publicExploitAvailable: false,
            publicExploitAvailableSinceDays: 0,
            severityAtLeast: "string",
            severityEquals: "string",
        },
    }],
    description: "string",
    name: "string",
    secureVulnerabilityRuleBundleId: "string",
    timeouts: {
        create: "string",
        "delete": "string",
        read: "string",
        update: "string",
    },
});
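# Reference listing: every input property with a placeholder value; not a working configuration.
# The rules property text on this page says each rule must define exactly one rule type,
# so a real rule sets either imageLabel or severitiesAndThreats, not both as listed here.
type: sysdig:SecureVulnerabilityRuleBundle
properties:
  description: string
  name: string
  rules:
    - imageLabel:
        id: string
        labelMustExist: string
        labelMustExistAndContainValues:
          - requiredLabel: string
            requiredValue: string
        labelMustNotExist: string
      severitiesAndThreats:
        cisaKevAvailableSinceDays: 0
        cisaKevDueDateInDays: 0
        cisaKevInRansomwareCampaign: false
        cvssAtLeast: 0
        disclosureDate:
          from: string
          to: string
        disclosureOlderThanDays: 0
        epssPercentileAtLeastPercentage: 0
        epssScoreAtLeastPercentage: 0
        exploitNetworkAttackVector: false
        exploitNoAdminPrivileges: false
        exploitNoUserInteraction: false
        fixAvailable: false
        fixAvailableSinceDays: 0
        id: string
        inUse: false
        packageType: string
        publicExploitAvailable: false
        publicExploitAvailableSinceDays: 0
        severityAtLeast: string
        severityEquals: string
  secureVulnerabilityRuleBundleId: string
  timeouts:
    create: string
    delete: string
    read: string
    update: string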
SecureVulnerabilityRuleBundle Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureVulnerabilityRuleBundle resource accepts the following input properties:
- Rules List<SecureVulnerabilityRuleBundleRule>
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- Description string
- A description for the rule bundle.
- Name string
- The name of the vulnerability rule bundle.
- SecureVulnerabilityRuleBundleId string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- Timeouts SecureVulnerabilityRuleBundleTimeouts
- Rules []SecureVulnerabilityRuleBundleRuleArgs
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- Description string
- A description for the rule bundle.
- Name string
- The name of the vulnerability rule bundle.
- SecureVulnerabilityRuleBundleId string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- Timeouts SecureVulnerabilityRuleBundleTimeoutsArgs
- rules List<SecureVulnerabilityRuleBundleRule>
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- description String
- A description for the rule bundle.
- name String
- The name of the vulnerability rule bundle.
- secureVulnerabilityRuleBundleId String
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts SecureVulnerabilityRuleBundleTimeouts
- rules SecureVulnerabilityRuleBundleRule[]
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- description string
- A description for the rule bundle.
- name string
- The name of the vulnerability rule bundle.
- secureVulnerabilityRuleBundleId string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts SecureVulnerabilityRuleBundleTimeouts
- rules Sequence[SecureVulnerabilityRuleBundleRuleArgs]
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- description str
- A description for the rule bundle.
- name str
- The name of the vulnerability rule bundle.
- secure_vulnerability_rule_bundle_id str
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts SecureVulnerabilityRuleBundleTimeoutsArgs
- rules List<Property Map>
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- description String
- A description for the rule bundle.
- name String
- The name of the vulnerability rule bundle.
- secureVulnerabilityRuleBundleId String
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureVulnerabilityRuleBundle resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Identifier string
- The external identifier of the vulnerability rule bundle.
- Id string
- The provider-assigned unique ID for this managed resource.
- Identifier string
- The external identifier of the vulnerability rule bundle.
- id String
- The provider-assigned unique ID for this managed resource.
- identifier String
- The external identifier of the vulnerability rule bundle.
- id string
- The provider-assigned unique ID for this managed resource.
- identifier string
- The external identifier of the vulnerability rule bundle.
- id str
- The provider-assigned unique ID for this managed resource.
- identifier str
- The external identifier of the vulnerability rule bundle.
- id String
- The provider-assigned unique ID for this managed resource.
- identifier String
- The external identifier of the vulnerability rule bundle.
Look up Existing SecureVulnerabilityRuleBundle Resource
Get an existing SecureVulnerabilityRuleBundle resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureVulnerabilityRuleBundleState, opts?: CustomResourceOptions): SecureVulnerabilityRuleBundle
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
identifier: Optional[str] = None,
name: Optional[str] = None,
rules: Optional[Sequence[SecureVulnerabilityRuleBundleRuleArgs]] = None,
secure_vulnerability_rule_bundle_id: Optional[str] = None,
timeouts: Optional[SecureVulnerabilityRuleBundleTimeoutsArgs] = None) -> SecureVulnerabilityRuleBundle
func GetSecureVulnerabilityRuleBundle(ctx *Context, name string, id IDInput, state *SecureVulnerabilityRuleBundleState, opts ...ResourceOption) (*SecureVulnerabilityRuleBundle, error)
public static SecureVulnerabilityRuleBundle Get(string name, Input<string> id, SecureVulnerabilityRuleBundleState? state, CustomResourceOptions? opts = null)
public static SecureVulnerabilityRuleBundle get(String name, Output<String> id, SecureVulnerabilityRuleBundleState state, CustomResourceOptions options)
resources:
  _:
    type: sysdig:SecureVulnerabilityRuleBundle
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- A description for the rule bundle.
- Identifier string
- The external identifier of the vulnerability rule bundle.
- Name string
- The name of the vulnerability rule bundle.
- Rules List<SecureVulnerabilityRuleBundleRule>
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- SecureVulnerabilityRuleBundleId string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- Timeouts SecureVulnerabilityRuleBundleTimeouts
- Description string
- A description for the rule bundle.
- Identifier string
- The external identifier of the vulnerability rule bundle.
- Name string
- The name of the vulnerability rule bundle.
- Rules []SecureVulnerabilityRuleBundleRuleArgs
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- SecureVulnerabilityRuleBundleId string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- Timeouts SecureVulnerabilityRuleBundleTimeoutsArgs
- description String
- A description for the rule bundle.
- identifier String
- The external identifier of the vulnerability rule bundle.
- name String
- The name of the vulnerability rule bundle.
- rules List<SecureVulnerabilityRuleBundleRule>
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- secureVulnerabilityRuleBundleId String
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts SecureVulnerabilityRuleBundleTimeouts
- description string
- A description for the rule bundle.
- identifier string
- The external identifier of the vulnerability rule bundle.
- name string
- The name of the vulnerability rule bundle.
- rules SecureVulnerabilityRuleBundleRule[]
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- secureVulnerabilityRuleBundleId string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts SecureVulnerabilityRuleBundleTimeouts
- description str
- A description for the rule bundle.
- identifier str
- The external identifier of the vulnerability rule bundle.
- name str
- The name of the vulnerability rule bundle.
- rules Sequence[SecureVulnerabilityRuleBundleRuleArgs]
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- secure_vulnerability_rule_bundle_id str
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts SecureVulnerabilityRuleBundleTimeoutsArgs
- description String
- A description for the rule bundle.
- identifier String
- The external identifier of the vulnerability rule bundle.
- name String
- The name of the vulnerability rule bundle.
- rules List<Property Map>
- A list of rule definitions. Each `rule` block must define exactly one of the available rule types. For more details on rule types, see the Rules documentation.
- secureVulnerabilityRuleBundleId String
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- timeouts Property Map
Supporting Types
SecureVulnerabilityRuleBundleRule, SecureVulnerabilityRuleBundleRuleArgs
- ImageLabel SecureVulnerabilityRuleBundleRuleImageLabel
- Defines label-based matching rules for image configuration.
- SeveritiesAndThreats SecureVulnerabilityRuleBundleRuleSeveritiesAndThreats
- Defines rules based on vulnerability severity and threat intelligence.
- ImageLabel SecureVulnerabilityRuleBundleRuleImageLabel
- Defines label-based matching rules for image configuration.
- SeveritiesAndThreats SecureVulnerabilityRuleBundleRuleSeveritiesAndThreats
- Defines rules based on vulnerability severity and threat intelligence.
- imageLabel SecureVulnerabilityRuleBundleRuleImageLabel
- Defines label-based matching rules for image configuration.
- severitiesAndThreats SecureVulnerabilityRuleBundleRuleSeveritiesAndThreats
- Defines rules based on vulnerability severity and threat intelligence.
- imageLabel SecureVulnerabilityRuleBundleRuleImageLabel
- Defines label-based matching rules for image configuration.
- severitiesAndThreats SecureVulnerabilityRuleBundleRuleSeveritiesAndThreats
- Defines rules based on vulnerability severity and threat intelligence.
- image_label SecureVulnerabilityRuleBundleRuleImageLabel
- Defines label-based matching rules for image configuration.
- severities_and_threats SecureVulnerabilityRuleBundleRuleSeveritiesAndThreats
- Defines rules based on vulnerability severity and threat intelligence.
- imageLabel Property Map
- Defines label-based matching rules for image configuration.
- severitiesAndThreats Property Map
- Defines rules based on vulnerability severity and threat intelligence.
SecureVulnerabilityRuleBundleRuleImageLabel, SecureVulnerabilityRuleBundleRuleImageLabelArgs
- Id string
- The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- LabelMustExist string
- The rule matches if an image contains a label with this key.
- LabelMustExistAndContainValues List<SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValue>
- A block specifying a label key and value that must exist in the image configuration.
- LabelMustNotExist string
- The rule matches if an image does not contain a label with this key.
- Id string - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- LabelMustExist string - The rule matches if an image contains a label with this key.
- LabelMustExistAndContainValues []SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValue - A block specifying a label key and value that must exist in the image configuration.
- LabelMustNotExist string - The rule matches if an image does not contain a label with this key.
- id String - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- labelMustExist String - The rule matches if an image contains a label with this key.
- labelMustExistAndContainValues List<SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValue> - A block specifying a label key and value that must exist in the image configuration.
- labelMustNotExist String - The rule matches if an image does not contain a label with this key.
- id string - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- labelMustExist string - The rule matches if an image contains a label with this key.
- labelMustExistAndContainValues SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValue[] - A block specifying a label key and value that must exist in the image configuration.
- labelMustNotExist string - The rule matches if an image does not contain a label with this key.
- id str - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- label_must_exist str - The rule matches if an image contains a label with this key.
- label_must_exist_and_contain_values Sequence[SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValue] - A block specifying a label key and value that must exist in the image configuration.
- label_must_not_exist str - The rule matches if an image does not contain a label with this key.
- id String - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- labelMustExist String - The rule matches if an image contains a label with this key.
- labelMustExistAndContainValues List<Property Map> - A block specifying a label key and value that must exist in the image configuration.
- labelMustNotExist String - The rule matches if an image does not contain a label with this key.
SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValue, SecureVulnerabilityRuleBundleRuleImageLabelLabelMustExistAndContainValueArgs
- RequiredLabel string - The label key that must exist.
- RequiredValue string - The expected value for the given label key.
- RequiredLabel string - The label key that must exist.
- RequiredValue string - The expected value for the given label key.
- requiredLabel String - The label key that must exist.
- requiredValue String - The expected value for the given label key.
- requiredLabel string - The label key that must exist.
- requiredValue string - The expected value for the given label key.
- required_label str - The label key that must exist.
- required_value str - The expected value for the given label key.
- requiredLabel String - The label key that must exist.
- requiredValue String - The expected value for the given label key.
SecureVulnerabilityRuleBundleRuleSeveritiesAndThreats, SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsArgs
- CisaKevAvailableSinceDays double - Matches if the vulnerability has been in the CISA KEV catalog for at least this number of days.
- CisaKevDueDateInDays double - Matches if the CISA KEV remediation due date is within this number of days.
- CisaKevInRansomwareCampaign bool - If `true`, the vulnerability is part of a CISA KEV (Known Exploited Vulnerabilities) ransomware campaign.
- CvssAtLeast double - Matches if the vulnerability's CVSS score is at least this value (e.g., `7.5`).
- DisclosureDate SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDate - A block specifying that the vulnerability was disclosed within a specific date range.
- DisclosureOlderThanDays double - Matches if the vulnerability was publicly disclosed more than this number of days ago.
- EpssPercentileAtLeastPercentage double - Matches if the EPSS percentile is at least this percentage (0-100).
  Note on mutually exclusive fields:
  - Within a `severities_and_threats` block, only one of `severity_at_least`, `severity_equals`, or `cvss_at_least` can be set.
  - `disclosure_older_than_days` and `disclosure_date` are mutually exclusive.
  - `public_exploit_available` and `public_exploit_available_since_days` are mutually exclusive.
  - `fix_available` and `fix_available_since_days` are mutually exclusive.
- EpssScoreAtLeastPercentage double - Matches if the EPSS (Exploit Prediction Scoring System) score is at least this percentage (0-100).
- ExploitNetworkAttackVector bool - If `true`, the exploit has a network attack vector.
- ExploitNoAdminPrivileges bool - If `true`, the exploit does not require administrator privileges.
- ExploitNoUserInteraction bool - If `true`, the exploit does not require user interaction.
- FixAvailable bool - If `true`, a fix is available for the vulnerability.
- FixAvailableSinceDays double - Matches if a fix has been available for at least this number of days.
- Id string - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- InUse bool - If `true`, the rule matches only if the vulnerable package is loaded in memory at runtime.
- PackageType string - Matches if the vulnerability is in a package of this type. Valid values: `os`, `nonOs`.
- PublicExploitAvailable bool - If `true`, a public exploit is known to exist for the vulnerability.
- PublicExploitAvailableSinceDays double - Matches if a public exploit has been available for at least this number of days.
- SeverityAtLeast string - Matches if the vulnerability severity is at least this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- SeverityEquals string - Matches if the vulnerability severity is exactly this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- CisaKevAvailableSinceDays float64 - Matches if the vulnerability has been in the CISA KEV catalog for at least this number of days.
- CisaKevDueDateInDays float64 - Matches if the CISA KEV remediation due date is within this number of days.
- CisaKevInRansomwareCampaign bool - If `true`, the vulnerability is part of a CISA KEV (Known Exploited Vulnerabilities) ransomware campaign.
- CvssAtLeast float64 - Matches if the vulnerability's CVSS score is at least this value (e.g., `7.5`).
- DisclosureDate SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDate - A block specifying that the vulnerability was disclosed within a specific date range.
- DisclosureOlderThanDays float64 - Matches if the vulnerability was publicly disclosed more than this number of days ago.
- EpssPercentileAtLeastPercentage float64 - Matches if the EPSS percentile is at least this percentage (0-100).
  Note on mutually exclusive fields:
  - Within a `severities_and_threats` block, only one of `severity_at_least`, `severity_equals`, or `cvss_at_least` can be set.
  - `disclosure_older_than_days` and `disclosure_date` are mutually exclusive.
  - `public_exploit_available` and `public_exploit_available_since_days` are mutually exclusive.
  - `fix_available` and `fix_available_since_days` are mutually exclusive.
- EpssScoreAtLeastPercentage float64 - Matches if the EPSS (Exploit Prediction Scoring System) score is at least this percentage (0-100).
- ExploitNetworkAttackVector bool - If `true`, the exploit has a network attack vector.
- ExploitNoAdminPrivileges bool - If `true`, the exploit does not require administrator privileges.
- ExploitNoUserInteraction bool - If `true`, the exploit does not require user interaction.
- FixAvailable bool - If `true`, a fix is available for the vulnerability.
- FixAvailableSinceDays float64 - Matches if a fix has been available for at least this number of days.
- Id string - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- InUse bool - If `true`, the rule matches only if the vulnerable package is loaded in memory at runtime.
- PackageType string - Matches if the vulnerability is in a package of this type. Valid values: `os`, `nonOs`.
- PublicExploitAvailable bool - If `true`, a public exploit is known to exist for the vulnerability.
- PublicExploitAvailableSinceDays float64 - Matches if a public exploit has been available for at least this number of days.
- SeverityAtLeast string - Matches if the vulnerability severity is at least this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- SeverityEquals string - Matches if the vulnerability severity is exactly this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- cisaKevAvailableSinceDays Double - Matches if the vulnerability has been in the CISA KEV catalog for at least this number of days.
- cisaKevDueDateInDays Double - Matches if the CISA KEV remediation due date is within this number of days.
- cisaKevInRansomwareCampaign Boolean - If `true`, the vulnerability is part of a CISA KEV (Known Exploited Vulnerabilities) ransomware campaign.
- cvssAtLeast Double - Matches if the vulnerability's CVSS score is at least this value (e.g., `7.5`).
- disclosureDate SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDate - A block specifying that the vulnerability was disclosed within a specific date range.
- disclosureOlderThanDays Double - Matches if the vulnerability was publicly disclosed more than this number of days ago.
- epssPercentileAtLeastPercentage Double - Matches if the EPSS percentile is at least this percentage (0-100).
  Note on mutually exclusive fields:
  - Within a `severities_and_threats` block, only one of `severity_at_least`, `severity_equals`, or `cvss_at_least` can be set.
  - `disclosure_older_than_days` and `disclosure_date` are mutually exclusive.
  - `public_exploit_available` and `public_exploit_available_since_days` are mutually exclusive.
  - `fix_available` and `fix_available_since_days` are mutually exclusive.
- epssScoreAtLeastPercentage Double - Matches if the EPSS (Exploit Prediction Scoring System) score is at least this percentage (0-100).
- exploitNetworkAttackVector Boolean - If `true`, the exploit has a network attack vector.
- exploitNoAdminPrivileges Boolean - If `true`, the exploit does not require administrator privileges.
- exploitNoUserInteraction Boolean - If `true`, the exploit does not require user interaction.
- fixAvailable Boolean - If `true`, a fix is available for the vulnerability.
- fixAvailableSinceDays Double - Matches if a fix has been available for at least this number of days.
- id String - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- inUse Boolean - If `true`, the rule matches only if the vulnerable package is loaded in memory at runtime.
- packageType String - Matches if the vulnerability is in a package of this type. Valid values: `os`, `nonOs`.
- publicExploitAvailable Boolean - If `true`, a public exploit is known to exist for the vulnerability.
- publicExploitAvailableSinceDays Double - Matches if a public exploit has been available for at least this number of days.
- severityAtLeast String - Matches if the vulnerability severity is at least this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- severityEquals String - Matches if the vulnerability severity is exactly this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- cisaKevAvailableSinceDays number - Matches if the vulnerability has been in the CISA KEV catalog for at least this number of days.
- cisaKevDueDateInDays number - Matches if the CISA KEV remediation due date is within this number of days.
- cisaKevInRansomwareCampaign boolean - If `true`, the vulnerability is part of a CISA KEV (Known Exploited Vulnerabilities) ransomware campaign.
- cvssAtLeast number - Matches if the vulnerability's CVSS score is at least this value (e.g., `7.5`).
- disclosureDate SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDate - A block specifying that the vulnerability was disclosed within a specific date range.
- disclosureOlderThanDays number - Matches if the vulnerability was publicly disclosed more than this number of days ago.
- epssPercentileAtLeastPercentage number - Matches if the EPSS percentile is at least this percentage (0-100).
  Note on mutually exclusive fields:
  - Within a `severities_and_threats` block, only one of `severity_at_least`, `severity_equals`, or `cvss_at_least` can be set.
  - `disclosure_older_than_days` and `disclosure_date` are mutually exclusive.
  - `public_exploit_available` and `public_exploit_available_since_days` are mutually exclusive.
  - `fix_available` and `fix_available_since_days` are mutually exclusive.
- epssScoreAtLeastPercentage number - Matches if the EPSS (Exploit Prediction Scoring System) score is at least this percentage (0-100).
- exploitNetworkAttackVector boolean - If `true`, the exploit has a network attack vector.
- exploitNoAdminPrivileges boolean - If `true`, the exploit does not require administrator privileges.
- exploitNoUserInteraction boolean - If `true`, the exploit does not require user interaction.
- fixAvailable boolean - If `true`, a fix is available for the vulnerability.
- fixAvailableSinceDays number - Matches if a fix has been available for at least this number of days.
- id string - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- inUse boolean - If `true`, the rule matches only if the vulnerable package is loaded in memory at runtime.
- packageType string - Matches if the vulnerability is in a package of this type. Valid values: `os`, `nonOs`.
- publicExploitAvailable boolean - If `true`, a public exploit is known to exist for the vulnerability.
- publicExploitAvailableSinceDays number - Matches if a public exploit has been available for at least this number of days.
- severityAtLeast string - Matches if the vulnerability severity is at least this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- severityEquals string - Matches if the vulnerability severity is exactly this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- cisa_kev_available_since_days float - Matches if the vulnerability has been in the CISA KEV catalog for at least this number of days.
- cisa_kev_due_date_in_days float - Matches if the CISA KEV remediation due date is within this number of days.
- cisa_kev_in_ransomware_campaign bool - If `true`, the vulnerability is part of a CISA KEV (Known Exploited Vulnerabilities) ransomware campaign.
- cvss_at_least float - Matches if the vulnerability's CVSS score is at least this value (e.g., `7.5`).
- disclosure_date SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDate - A block specifying that the vulnerability was disclosed within a specific date range.
- disclosure_older_than_days float - Matches if the vulnerability was publicly disclosed more than this number of days ago.
- epss_percentile_at_least_percentage float - Matches if the EPSS percentile is at least this percentage (0-100).
  Note on mutually exclusive fields:
  - Within a `severities_and_threats` block, only one of `severity_at_least`, `severity_equals`, or `cvss_at_least` can be set.
  - `disclosure_older_than_days` and `disclosure_date` are mutually exclusive.
  - `public_exploit_available` and `public_exploit_available_since_days` are mutually exclusive.
  - `fix_available` and `fix_available_since_days` are mutually exclusive.
- epss_score_at_least_percentage float - Matches if the EPSS (Exploit Prediction Scoring System) score is at least this percentage (0-100).
- exploit_network_attack_vector bool - If `true`, the exploit has a network attack vector.
- exploit_no_admin_privileges bool - If `true`, the exploit does not require administrator privileges.
- exploit_no_user_interaction bool - If `true`, the exploit does not require user interaction.
- fix_available bool - If `true`, a fix is available for the vulnerability.
- fix_available_since_days float - Matches if a fix has been available for at least this number of days.
- id str - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- in_use bool - If `true`, the rule matches only if the vulnerable package is loaded in memory at runtime.
- package_type str - Matches if the vulnerability is in a package of this type. Valid values: `os`, `nonOs`.
- public_exploit_available bool - If `true`, a public exploit is known to exist for the vulnerability.
- public_exploit_available_since_days float - Matches if a public exploit has been available for at least this number of days.
- severity_at_least str - Matches if the vulnerability severity is at least this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- severity_equals str - Matches if the vulnerability severity is exactly this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- cisaKevAvailableSinceDays Number - Matches if the vulnerability has been in the CISA KEV catalog for at least this number of days.
- cisaKevDueDateInDays Number - Matches if the CISA KEV remediation due date is within this number of days.
- cisaKevInRansomwareCampaign Boolean - If `true`, the vulnerability is part of a CISA KEV (Known Exploited Vulnerabilities) ransomware campaign.
- cvssAtLeast Number - Matches if the vulnerability's CVSS score is at least this value (e.g., `7.5`).
- disclosureDate Property Map - A block specifying that the vulnerability was disclosed within a specific date range.
- disclosureOlderThanDays Number - Matches if the vulnerability was publicly disclosed more than this number of days ago.
- epssPercentileAtLeastPercentage Number - Matches if the EPSS percentile is at least this percentage (0-100).
  Note on mutually exclusive fields:
  - Within a `severities_and_threats` block, only one of `severity_at_least`, `severity_equals`, or `cvss_at_least` can be set.
  - `disclosure_older_than_days` and `disclosure_date` are mutually exclusive.
  - `public_exploit_available` and `public_exploit_available_since_days` are mutually exclusive.
  - `fix_available` and `fix_available_since_days` are mutually exclusive.
- epssScoreAtLeastPercentage Number - Matches if the EPSS (Exploit Prediction Scoring System) score is at least this percentage (0-100).
- exploitNetworkAttackVector Boolean - If `true`, the exploit has a network attack vector.
- exploitNoAdminPrivileges Boolean - If `true`, the exploit does not require administrator privileges.
- exploitNoUserInteraction Boolean - If `true`, the exploit does not require user interaction.
- fixAvailable Boolean - If `true`, a fix is available for the vulnerability.
- fixAvailableSinceDays Number - Matches if a fix has been available for at least this number of days.
- id String - The internal identifier of the vulnerability rule bundle. This is the ID to be used in the `sysdig_secure_vulnerability_policy.bundles` field.
- inUse Boolean - If `true`, the rule matches only if the vulnerable package is loaded in memory at runtime.
- packageType String - Matches if the vulnerability is in a package of this type. Valid values: `os`, `nonOs`.
- publicExploitAvailable Boolean - If `true`, a public exploit is known to exist for the vulnerability.
- publicExploitAvailableSinceDays Number - Matches if a public exploit has been available for at least this number of days.
- severityAtLeast String - Matches if the vulnerability severity is at least this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
- severityEquals String - Matches if the vulnerability severity is exactly this level. Valid values: `critical`, `high`, `medium`, `low`, `negligible`.
SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDate, SecureVulnerabilityRuleBundleRuleSeveritiesAndThreatsDisclosureDateArgs
SecureVulnerabilityRuleBundleTimeouts, SecureVulnerabilityRuleBundleTimeoutsArgs
Import
Vulnerability rule bundles can be imported using their bundle ID, for example:
$ pulumi import sysdig:index/secureVulnerabilityRuleBundle:SecureVulnerabilityRuleBundle example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the `sysdig` Terraform Provider.
